For my graduation project I developed a vulnerability scanner that scans websites for Cross-Site Scripting (XSS) and SQL Injection vulnerabilites.
This is my graduation project, so I humbly ask to lower your expectations :)
The user will be asked to enter the target's URL (The website they wish to scan). The scanner will start crawling the website collecting all the links inside the website.
Then with each crawled link, it will extract all the forms and href it finds. Then it will start testing for XSS and SQL Injection by injecting payloads into those forms,
checking the response for indication of a vulnerability. Then it returns the result if there is any.
- Flask
- Python
- Bootstrap
- HTML/CSS
- Python 3
- Flask
- Git
- Clone the repository:
git clone https://github.com/IBWThunder/Vulnerability-Scanner - Navigate to the project directory:
cd vulnerability-scanner - install the dependencies file:
pip install -r requirements.txt - Run the Flask application:
flask run - Open your browser and go to
http://127.0.0.1:5000to start using the scanner.
You will notice that the scanner logic is not strong enough for any website that have a mid level security or higher.
So start with testing something like DVWA: [https://pentest-ground.com:4280/]
Only really vulnerable websites like DVWA or Mutillidae can yield results, others will just return No Vulnerabilites detected.
I am currently focusing on other stuff. However, I might come back to this project in the future to enhance it even more.
This project is licensed under the MIT License. See the LICENSE file for more details.